The latest update to Mozilla Firefox adds a new subsystem called RLBox, which can isolate subcomponents from the rest of the browser, making it more secure.
How Does RLBox Work?
RLBox compiles a component into WebAssembly, and that WebAssembly is then converted back into native code. The resulting code cannot jump to other portions of the program and can only reach a specific region of memory. This sandboxing technique protects users from potential threats.
Bobby Holley from Mozilla said that “RLBox is a big win for us on several fronts: it protects our users from accidental defects as well as supply-chain attacks, and it reduces the need for us to scramble when such issues are disclosed upstream. As such, we intend to continue applying to more components going forward.”
RLBox isolates 5 components in Firefox 95:
- The Graphite rendering engine
- Ogg media module
- Hunspell spellchecker
- Expat XML parser
- Woff2 font compression
Why Is This Important?
Every web browser runs content in its own sandboxed process in order to keep exploited vulnerabilities contained. The problem is that threat actors chain vulnerabilities together: one to compromise the sandboxed process and another to escape that sandbox. Browsers therefore need multiple layers of protection to defend against this.
Firefox uses RLBox to put two restrictions on target code:
- It isn’t allowed to jump to unexpected parts of the program.
- It can’t access memory outside of a specific region.
This allows Firefox to safely share an address space between trusted and untrusted code within the same process.
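The two restrictions above are what a WebAssembly-to-native build enforces for every memory access and every indirect call. The following C model, an added illustration rather than Firefox or RLBox code, shows a bounds-checked linear memory, a call table that refuses arbitrary jump targets, and a host-side check that treats any value coming out of the sandbox as untrusted; all names (sandbox_t, sb_load_u8, guest_strlen, and so on) are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed model of a wasm-to-native sandbox (names are illustrative, not
 * RLBox's real API): one linear memory region plus one indirect-call table. */
#define SB_MEM_SIZE   4096
#define SB_TABLE_SIZE 2

typedef struct sandbox sandbox_t;
typedef int32_t (*sb_func_t)(sandbox_t *sb, uint32_t arg);

struct sandbox {
    uint8_t   mem[SB_MEM_SIZE];       /* the only memory guest code may touch     */
    sb_func_t table[SB_TABLE_SIZE];   /* the only targets of indirect calls       */
    int       trapped;                /* set on any failed check: sandbox is dead */
};

/* Restriction 2: every guest memory access is checked against the region. */
static int sb_load_u8(sandbox_t *sb, uint32_t addr, uint8_t *out) {
    if (sb->trapped || addr >= SB_MEM_SIZE) { sb->trapped = 1; return -1; }
    *out = sb->mem[addr];
    return 0;
}

/* Restriction 1: an indirect call may only land on a table slot, never on an
 * arbitrary native address, so guest code cannot jump into the host. */
static int sb_call_indirect(sandbox_t *sb, uint32_t idx, uint32_t arg, int32_t *ret) {
    if (sb->trapped || idx >= SB_TABLE_SIZE || sb->table[idx] == NULL) {
        sb->trapped = 1;
        return -1;
    }
    *ret = sb->table[idx](sb, arg);
    return 0;
}

/* Guest function: length of a NUL-terminated string at guest offset `off`.
 * It only reads through the checked load, so a bad offset traps instead of
 * reading host memory. */
static int32_t guest_strlen(sandbox_t *sb, uint32_t off) {
    uint32_t n = 0; uint8_t c;
    while (sb_load_u8(sb, off + n, &c) == 0 && c != 0) n++;
    return (int32_t)n;
}

/* Host side: copy input in (bounds-checked), call through the table, then
 * validate the tainted result before the host relies on it. */
static int host_strlen_in_sandbox(sandbox_t *sb, const char *s, size_t *out) {
    size_t len = strlen(s);
    int32_t raw;
    memset(sb, 0, sizeof *sb);
    sb->table[0] = guest_strlen;
    if (len + 1 > SB_MEM_SIZE) return -1;            /* would not fit in guest memory */
    memcpy(sb->mem, s, len + 1);
    if (sb_call_indirect(sb, 0, 0, &raw) != 0 || sb->trapped) return -1;
    if (raw < 0 || (size_t)raw > len) return -1;     /* reject impossible values */
    *out = (size_t)raw;
    return 0;
}
```

A failed check marks the sandbox as trapped so the host can discard it, which is the defensive outcome: a bug in the isolated library ends its own sandbox rather than corrupting the browser process.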